It may not qualify as a conventional sting operation; still Symantec’s recent Smartphone Honey Stick Project caught several folks in the act of privacy invasion when confronted with a lost smartphone.
To show what can happen to personal and business data when a smartphone is lost or worse stolen, Symantec intentionally ‘lost’ 50 smartphones. First they loaded up the devices with simulated corporate and business data – and the ability to remotely monitor them – and then dropped them in New York, Washington, Los Angeles, San Francisco and Ottawa. They left the smartphones in high traffic places like elevators, malls, food courts and public transit stops; then they waited to see what happened.
The findings indicate it’s hard for most of us to resist temptation. The official blog on the project, prompted by a Symantec employee whose wife got mugged and her purse stolen, indicates that only half of the people who found the phones even attempted to return them. Worse yet, even the ones who made attempts to return them first tried to view the data on them.
In total, 96 percent of the phones were accessed by their finders. Sixty percent of the finders tried to view social media information and email; 80 percent of the finders tried to access corporate information including files clearly marked HR salaries or HR cases.
The message is pretty obvious. Walking around with lots of sensitive data, company or personal, on your smartphone is a risk if the device gets lost or stolen. With BYOD (Bring Your Own Device) becoming more and more commonplace among companies, the threat to your corporate data is even greater.
Smartphones and tablets are enabling a new way to work – anywhere, anytime – and the benefit to your business outweighs the risks. Prepare yourself with a security policy in place that includes password protection. There also are programs that allow you to remotely wipe the data off the phone once it is lost. They sound like a wise investment.
You can find more suggestions in Symantec’s report on the project.